The need for secure data communications or transfers has increased dramatically as the use of networked communications, particularly wireless communications (e.g., cellular communications), has become more accessible and widespread. For example, many mobile communication systems enable mobile clients (e.g., smart mobile phones, personal data assistants, etc.) to download software and access other data and/or services provided by data/application servers.
To provide a more secure environment for these mobile communication systems, mobile clients and servers may use a managed execution environment that provides a security function, which may be used to prevent unauthorized users from gaining access to data within the mobile clients and/or the data/application servers. For example, the Mobile Station Application Execution Environment (MExE) is a well-known wireless communication protocol that may be used with smart mobile phones and other mobile client devices to increase the security of data transactions between the mobile devices and the data/application servers.
Under the MExE security model, each mobile client device holds one or more digital certificates that designate the identity of the application server that must digitally sign software to enable that mobile client device to download and execute software from that application server. In other words, for a mobile client to download and execute an application provided by a server, the mobile client must hold a digital certificate that corresponds to (e.g., is identical to) a digital certificate held by the server. Typically, application servers that supply software to mobile clients have multiple digital signatures of the software available for downloading. Each of these digital signatures may be created using a different digital certificate associated with a party authorized to create the software (e.g., a device manufacturer, a service provider, a software provider, etc.).
As is well known, a digital signature is typically generated by encrypting (e.g., using a private key from a public-private key combination) the hash of a message (e.g., a software application, a document, etc.) to be sent. In this manner, a digital signature can be used by a receiving entity to determine the identity of the originating entity and to determine that the received message has not been altered from what was sent by the originating entity. A digital certificate, on the other hand, typically contains a name (e.g., a user name), a serial number, a public key for encrypting data, expiration dates, and the signature of a certifying authority (certificate authority). In general, a digital certificate may be used to establish the credentials of an entity within a communication system or network and the public key portion of the certificate may be used to check or verify digital signatures.
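The check described in the two paragraphs above, as an added example that is not part of the original text: a client accepts a download only if one of the signatures the server offers verifies under a certificate the client holds. Toy unpadded RSA over fixed Mersenne primes stands in for a real signature scheme, and all names, keys and the application bytes are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys below (assumption)

def make_key(name, p, q):
    """Build a toy key pair; the 'certificate' here is only a name plus public modulus."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, kept by the signer
    return {"name": name, "n": n}, d

def digest(message, n):
    """SHA-256 of the message, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, cert, d):
    """Signer side: transform the hash of the message with the private key."""
    return pow(digest(message, cert["n"]), d, cert["n"])

def verify(message, signature, cert):
    """Receiver side: undo the transform with the public key and compare hashes."""
    return pow(signature, E, cert["n"]) == digest(message, cert["n"])

def accepted_signer(message, offered, held_certs):
    """Return the name of the first held certificate that verifies one of the
    offered signatures, or None if the client must refuse the download."""
    for cert in held_certs:
        sig = offered.get(cert["name"])
        if sig is not None and verify(message, sig, cert):
            return cert["name"]
    return None

# Constructed sample parties (Mersenne primes: trivially factorable, demo only)
MFR_CERT, MFR_D = make_key("manufacturer", 2**127 - 1, 2**107 - 1)
SP_CERT, SP_D = make_key("service-provider", 2**89 - 1, 2**61 - 1)
SW_CERT, _ = make_key("software-provider", 2**107 - 1, 2**89 - 1)

APP = b"constructed application image v1"
OFFERED = {  # the server holds one signature per authorized signer
    "manufacturer": sign(APP, MFR_CERT, MFR_D),
    "service-provider": sign(APP, SP_CERT, SP_D),
}

if __name__ == "__main__":
    print(accepted_signer(APP, OFFERED, [SP_CERT]))                    # matching certificate
    print(accepted_signer(APP + b"!", OFFERED, [MFR_CERT, SP_CERT]))   # altered application
    print(accepted_signer(APP, OFFERED, [SW_CERT]))                    # no matching certificate
```
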
In many mobile communication systems, the mobile clients freely provide or publish their digital certificates when negotiating a data transfer (i.e., establishing a communication link for data exchange) with another party (e.g., an application server). Similarly, application servers within these mobile communication systems may freely provide information relating to the digital signatures of available software or other data to clients requesting access to that software or other data.
Although it is generally desirable to provide digital signature and digital certificate information only to known authorized entities within the communication network to maintain a high degree of network security, existing systems typically require this information to be released during the initial stages of a data transfer negotiation. Unfortunately, the release of digital certificate information or digital signature information during initial negotiations between two or more parties within a communication network can compromise the security of the network. In particular, the party releasing the digital certificate or signature information is typically unable to distinguish an authorized requesting entity from an attacker. Thus, if an attacker determines what digital certificates are authorized by, for example, a particular client device, the attacker can concentrate its efforts on overcoming a specific digital certificate. Likewise, if the attacker determines what digital signatures are authorized by a particular server, the attacker can concentrate its efforts on overcoming a specific digital signature.